log out problem

**Rituparna** · 02-21-2011, 03:37 PM

hey friends,
i am facing a problem in logout code.
i want that once logged out, the user should NOT go back to his/her page without relogging in.
my code goes like this inside a .jsp file...

Java Code:

<%
request.getSession().invalidate();
request.getSession(false);
%>
 <font face=papyrus color="#ffffff" ><h1>
 Thank You! You've Been Successfully Logged Out.</h1></font>
<hr />
<%
if(session.getAttribute("eml").equals("")){
    out.println("<font face=papyrus color=#ffffff size=+1>You are Not Logged In!</font>");
}
%>

but whenever i am clicking on the back button on the browser, the previous page, i.e. the user page opens up.
where am i going wrong??

please help me here.....

thanks in advance....

**Tolls** · 02-22-2011, 01:34 PM

Is it going to your server or simply drawing the user page from cache?

If it is hitting your server then you have a flaw in your security in that you aren't checking whether someone is logged in.

**vaibhavspawar** · 03-11-2011, 02:48 PM

Hello Rituparna,
Try this out...
Have a script tag for javascript & insert this statement into your javascript code.
"history.back(-1);"

All the best :)

**Rituparna** · 03-12-2011, 03:59 AM

Thanks, how will i check the session here? by this code whenever i try to back to this page it'll show error, no? but i want this to happen only the user logs out.

**SKN** · 03-14-2011, 04:48 PM

Hello
You can use a servlet filter to manage the login session, Appart from servlet the filters will provide new request , aslo there are new Filter Api for log and seesion validation,
Try this script

<script language="JavaScript">
window.history.forward(0);
</script>

hope ur problem will be solved
else send me mail to me,
My emailid sreekandannatarajan@gmail.com

**baloda** · 03-16-2011, 05:31 AM

i had same problem. this code had worked for me

session=req.getSession(false);
if(session!=null){
session.invalidate();
}

http://java-sql.blogspot.com/

**dswastik** · 03-16-2011, 07:01 AM

logout.jsp

Java Code:

<%
  session.removeAttribute("eml");
  session.invalidate();
%>

// the page where you are checking the session
<%
String eml=(String)session.getAttribute("eml");
if(eml==null){
%>
Session ended
<%
{
%>

**only_java** · 03-31-2011, 11:05 AM

If you want to use browsers back button. then create cookies and make one java script function which can track your cookies and call that java script function on body load tag in jsp page.

**Rituparna** · 04-01-2011, 03:37 PM

No, it's not working at all. Going through only-java's suggestion i changed my login code like this--

Java Code:

 String type=request.getParameter("logAs");
        String id=request.getParameter("logId");
        String p=request.getParameter("pwd");

         try {
            Context c = new InitialContext();
          loginLocal l = (loginLocal) c.lookup("java:global/OnlineHotelManagement/OnlineHotelManagement-ejb/login!pack.loginLocal");
          if(l.logMe(id, p)){
           if(type.equals("Administrator")){
           RequestDispatcher rd=request.getRequestDispatcher("Admnstr.jsp");
                  Cookie ck=new Cookie("user", type);
                   response.addCookie(ck);
           rd.forward(request, response);
           }
 else if(type.equals("booker")){
               RequestDispatcher rd=request.getRequestDispatcher("Booking.jsp");
                     Cookie ck=new Cookie("user", type);
                      response.addCookie(ck);
           rd.forward(request, response);
 }
           else{
               RequestDispatcher rd=request.getRequestDispatcher("Error.html");
                rd.forward(request, response);
 }
           }

        } catch (NamingException ne) {
            Logger.getLogger(getClass().getName()).log(Level.SEVERE, "exception caught", ne);
            throw new RuntimeException(ne);
        }

i am checking the cookie value in the Administer page by..

Java Code:

function chkCookie(){
  var user=getCookie("user");
  if (user!=null && user!="")
  {
  alert("Welcome again " + user);
  }
else
{
prompt("Please Login");
 
}
}

and calling it on the body onload tag.
but this time it's not showing the Admnstr page at all.

**Rajaa** · 05-11-2011, 07:32 AM

Hi friends U try this code:

1)login.jsp:

<html>

<head>

<title>User Login</title>
</head>
<br>
<body Bgcolor ="#0099cc"><hr><hr>

<form method="POST" action="action.jsp">
<p><b>UserName:</b> <input type="text" name="UserName" size="10"></p>
<p><b>Password:</b>   <input type="Password" name="Password" size="10"></p>
<p><input type="submit" value="Submit" name="submit"><input type=
"reset" value="Reset" name="reset"></p><hr><hr>
</form>

</body>

</html>

2)action.jsp:

<%@page import="java.util.*" %>
<script>
function go() {
window.location.replace("logout.jsp",'window','too lbar=1,location=1,directories=1,status=1,menubar=1 ,scrollbars=1,resizable=1');
self.close()
}
</script>
<%String str = request.getParameter("UserName");
session.setAttribute("UserName", request.getParameter("UserName"));%>
Welcome to <%= session.getAttribute( "UserName" ) %>
<% if (session.getAttribute("UserName").equals("")){%>
<a href="login.jsp"><b>Login </b></a>
<%}
else{%>
<a href="javascript:go()"><b>Logout</b></a>
<%}
%>

3)logout.jsp:

<%session.invalidate();%>
You have logged out. Please
<a href="a.jsp"><b>Login</b></a>

with regards Rajaa Mohaideen